<?
include_once("../include/session.php");
include_once("../include/dbConnect.php");
include_once("../include/function/functRandAscii.php");
//Stop when the request path itself contains "userLogin" (presumably this file's own name),
//i.e. when the fragment is requested directly rather than included by another page.
//NOTE(review): the match is case-sensitive; on a case-insensitive filesystem a differently
//cased request path would not be stopped - confirm whether that matters for this deployment.
if(strpos($_SERVER['PHP_SELF'],"userLogin")!==false) exit();
?>
<link href="../style/common.css" rel="stylesheet" type="text/css">
<link href="../style/style.css" rel="stylesheet" type="text/css">
<?
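//Logout: clear the login state but keep the counter values.
//NOTE(review): any GET request carrying a non-empty "logout" parameter ends the session state;
//the "id" value that the logout link sends is not checked here, and the session id is not
//renewed after the reset.
if(!empty($_GET["logout"])){
	//remember the counter value (presumably a visitor counter) before wiping the session;
	//isset() avoids an undefined-index notice when it was never set
	$count=isset($_SESSION["count_value"])?$_SESSION["count_value"]:null;
	//remove every session variable, including the login markers
	session_unset();
	//session_destroy();
	$_SESSION["count_value"]=$count;
	$_SESSION["count_visited"]=session_id();
}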

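//Handle a submitted login form: verify the keycode, then the credentials, then fill the session.
if(($_SERVER['REQUEST_METHOD']=="POST")&&isset($_POST["Login"])&&(trim($_POST["Login"])=="Login")){
	//read the submitted fields; a missing field is treated as an empty string
	$username=isset($_POST["username"])?trim(strip_tags($_POST["username"])):"";
	//NOTE(review): unsalted MD5 is not a safe password hash. Stored values are compared against
	//exactly this transformation, so it is kept unchanged here; moving to
	//password_hash()/password_verify() needs a stored-hash migration and a newer PHP runtime.
	$password=md5(isset($_POST["password"])?trim(strip_tags($_POST["password"])):"");
	$keycode=isset($_POST["keycode"])?trim(strip_tags($_POST["keycode"])):"";

	//one message for "unknown user" and "wrong password", so the response does not
	//reveal which usernames exist
	$loginFailed="<script>alert('username dan atau password salah !')</script>";

	//The keycode must be non-empty and identical to the one kept in the session.
	//The earlier test contained "$keycode=''" (an assignment, not a comparison), so an empty
	//keycode was accepted whenever the session held no keycode at all.
	//It is checked before the database lookup so that a wrong keycode gives the same answer
	//for existing and non-existing usernames.
	//NOTE(review): the keycode is not invalidated after an attempt; confirm that
	//../include/keycode.php issues a fresh one for every rendering of the form.
	$expectedKeycode=isset($_SESSION["keycode"])?(string)$_SESSION["keycode"]:"";
	if($keycode===""||$expectedKeycode===""||$keycode!==$expectedKeycode){
		// if keycode is not match
		echo "<script>alert('keycode salah !')</script>";
	}else{
		//escape the username before it is placed inside the SQL string literals;
		//slashes added by magic_quotes_gpc are removed first so the value is not escaped twice
		$rawUsername=get_magic_quotes_gpc()?stripslashes($username):$username;
		$usernameSql=mysql_real_escape_string($rawUsername);

		//query for checking username
		$query=mysql_query("SELECT * FROM users WHERE username='".$usernameSql."' and active='yes'");

		//a failed query is handled like "no such user"
		$userdata=($query&&mysql_num_rows($query))?mysql_fetch_array($query):false;

		//strict comparison: with "!=" two digit-only hashes such as "0e12..." could compare
		//as equal numbers even though the strings differ
		if(!$userdata||$userdata["password"]!==$password){
			//if username or password is not match
			echo $loginFailed;
		} else {
			$passwd=$userdata["password"];
			$date_log=$userdata["date_log"];
			$access=$userdata["access"];

			//update date_log that indicate last login of user
			mysql_query("UPDATE users SET date_log=NOW(),rate=(rate+1) WHERE username='".$usernameSql."'");

			//create sessions
			//NOTE(review): the session id is not renewed at login. This file has already sent
			//output before this point, so session_regenerate_id() cannot set a new cookie here;
			//it would have to run before any output is produced.
			$_SESSION["log"]="OK";
			$_SESSION["username"]=$username;
			$_SESSION["date_log"]=$date_log;
			$_SESSION["akses"]=$access;
			if($access!=""){
				//start from an empty list: $target used to be appended to without being
				//initialised, so it could already hold a value (for example if
				//register_globals is enabled) before the first page was added
				$target="";
				$sql="SELECT * FROM access WHERE active='yes'";
				$query=mysql_query($sql);
				while($query&&($data_access=mysql_fetch_array($query))){
					//NOTE(review): accessid is used as a regular expression and matched anywhere
					//inside the user's access string, so an id that is part of a longer id
					//also matches - confirm the format of users.access
					if(ereg($data_access["accessid"],$_SESSION["akses"])){
						//keep only the last path segment of the page
						$file=explode("/",$data_access["page"]);
						$target.=$file[count($file)-1].";";
					}
				}
				$_SESSION["page"]=$target;
			}else{
				//no access entries: make sure no page list from an earlier login in the
				//same session stays behind
				unset($_SESSION["page"]);
			}
		}
	}
}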
/*
	generates a random ASCII string
	@function : random($min_length, $max_length)
*/
//$_SESSION["keycode"]=random(4,6);
//check if session log is true
if($_SESSION["log"]!="OK"){
	 //below for user not logged yet

?>

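 <? /* PHP_SELF can carry request-supplied path info, so it is HTML-escaped before being written into the action attribute */ ?>
 <form name="formLogin" method="post" action="<? echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)?>">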
  <table width="100%" border="0" cellpadding="0" cellspacing="0">
    <tr> 
      <td height="25" class="titleTable"> &nbsp; <img src="../images/dot.gif" width="7" height="10"> 
        USER LOGIN</td>
    </tr>
  </table>
  
   <table width="100%" border="0" cellpadding="0" cellspacing="0">
    <tr> 
      <td width="13%" height="79" align="center"><br></td>
      <td width="87%" height="79">
  
   <img src="../include/keycode.php" title="Keycode for security" onClick="window.open('../include/keycode.php?width=240&height=120&min=24&max=27','keycode',config='width=250,height=130,scrollbar=no')"></td>

   <? //$_SESSION["keycode"]=random(4,6);
      //echo $_SESSION["keycode"];

   ?> 
   </tr>
    <tr>
      <td >&nbsp;</td>
      <td >&nbsp;</td>
    </tr>
    <tr> 
      <td class="fieldTable">Username</td>
      <td class="fieldTable"><input name="username" type="text" id="username" class="inputSearch" title="Fill your username here!"></td>
    </tr>
    <tr> 
      <td class="fieldTable">Password</td>
      <td class="fieldTable"><input name="password" type="password" id="password"  class="inputSearch" title="Fill your password correctly here !"></td>
    </tr>
    <tr> 
      <td class="fieldTable">Keycode</td>
      <td class="fieldTable"><input name="keycode" type="text" id="keycode" class="inputSearch" title="Correct your keycode same as keycode image"></td>
    </tr>
    <tr> 
      <td height="39">&nbsp;</td>
      <td class="fieldTable"><input type="submit" name="Login" value=" Login " class="inputSearch" title="Login"> 
        &nbsp; <a href="#"  title="Get your password back" onClick="window.open('../include/forgetPassword.php','forgetPassword',config='width=300,height=300,scrollbar=no');">forget 
        password</a> ?</td>
    </tr>
  </table>
  <? } else {
	?>

 
  <table width="100%" border="0">
    <tr> 
      <td height="24" class="titleTable" colspan="2"> &nbsp; <img src="../images/dot.gif" width="7" height="10"> 
        MENU USER</td>
    </tr>
    <tr>
      <td height="23" class="fieldTable">&nbsp;</td>
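      <? /* the username comes from the login form and date_log from the database; both are HTML-escaped before being printed */ ?>
      <td class="cellTable">Selamat Datang <? echo "<i><b>".htmlspecialchars($_SESSION["username"],ENT_QUOTES)."</b></i>" ?>, 
        login terakhir anda : <? echo htmlspecialchars($_SESSION["date_log"],ENT_QUOTES); ?></td>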
    </tr>
    <tr> 
      <td height="23" class="fieldTable">&nbsp;</td>
      <td class="fieldTable">&nbsp;</td>
    </tr>
    <tr> 
      <td width="4%" height="23" class="fieldTable"><img src="../images/e03.gif" width="12" height="14"></td>
      <td width="96%" class="fieldTable"><a href="../home/vUpdateUser.php"><strong>Update 
        user data</strong></a></td>
    </tr>
    <?
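		//Build the menu of pages the logged-in user may open.
		//The session username originated from the login form, so it is escaped before it goes
		//into the SQL string; slashes added by magic_quotes_gpc are removed first so the value
		//is not escaped twice.
		$sessionUsername=get_magic_quotes_gpc()?stripslashes($_SESSION["username"]):$_SESSION["username"];
		$sql="SELECT * FROM users WHERE username='".mysql_real_escape_string($sessionUsername)."' and active='yes'";
		$query_sql=mysql_query($sql);
		//a failed query is handled like "user not found": no menu entries are printed
		if($query_sql&&mysql_num_rows($query_sql)){
			$userdata=mysql_fetch_array($query_sql);
			//NOTE(review): the freshly read access value is not used below; the menu is filtered
			//with the copy stored in the session at login, so a later change to users.access
			//only shows up after the next login - confirm this is intended
			$access=$userdata["access"];
			$sql="SELECT * FROM access WHERE active='yes' ORDER BY accessid ASC";
			$query_sql=mysql_query($sql);

			while($query_sql&&($accesspage=mysql_fetch_array($query_sql))){
				//NOTE(review): accessid is used as a regular expression and matched anywhere inside
				//the session access string - confirm the format of users.access
				if(ereg($accesspage["accessid"],$_SESSION["akses"])){
					//database values are HTML-escaped before they are written into the link
					$pageHref=htmlspecialchars($accesspage["page"],ENT_QUOTES);
					$accessLabel=htmlspecialchars($accesspage["accessid"],ENT_QUOTES);
					echo "<tr><td width=\"4%\" class=\"fieldTable\"><img src=\"../images/e03.gif\" width=\"12\" height=\"14\"> </td>";
					echo "<td width=\"96%\" height=\"24\" class=\"fieldTable\">";
					echo "<b><a href=\"".$pageHref."\">".$accessLabel."</a></b></td></tr>\n";
				}
			}
		}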
		?>
    <tr> 
      <td height="24" class="fieldTable"><img src="../images/e03.gif" width="12" height="14"></td>
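      <? /* PHP_SELF is HTML-escaped because it can carry request-supplied path info.
            NOTE(review): the id value contains the session id (base64 is an encoding, not protection),
            so the session id ends up in URLs, server logs and Referer headers. The visible code never
            reads id back - confirm whether anything else does, otherwise drop the parameter. */ ?>
      <td height="24" class="fieldTable"><a href="<? echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>?id=<? echo base64_encode(session_id().$_SESSION["username"]) ?>=&logout=true"><strong>Logout</strong></a></td>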
    </tr>
  </table>
	<? } ?>
</form>
